
Re: [cobalt-security] Portsentry, ipchains and pmfirewall



Ok, I see.  If you add a rule to allow access to ssh to an IP only, you are
supposed to add a rule next to deny access to all other addresses.

Since I only want to have ports 80 and 443 open in my server, as well as 22
and 81 for restricted access, I wonder if I could do with these rules:


$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 80 -j ACCEPT
$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 443 -j ACCEPT
$IPCHAINS -A input -p tcp -s MY-IP/MY-NETMASK -d $OUTERNET 22 -j ACCEPT
$IPCHAINS -A input -p tcp -s MY-IP/MY-NETMASK -d $REMOTENET 81 -i $OUTERIF -j ACCEPT
$IPCHAINS -A input -j DENY -s $REMOTENET -d $REMOTENET -i $OUTERIF

I understand that this would DENY all traffic, except http and https for the
outside world, and only accept ssh and port 81 connections from the IPs I
define.  Am I right?

Any advice will be much appreciated before I put these rules in practice, as
I do not want to be kicked out of my machine :-)

Regards,

Francisco

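As an added illustration (not part of the thread), the following Python script evaluates the posted input chain the way ipchains does, first match wins, so you can see what each kind of connection gets before loading the rules on a live box. The addresses standing in for $REMOTENET, $OUTERNET, MY-IP/MY-NETMASK and $OUTERIF are constructed, and pmfirewall's $REMOTENET is assumed to mean "anywhere".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Constructed stand-ins for the pmfirewall variables used in the posted rules.
REMOTENET = "0.0.0.0/0"         # assumption: pmfirewall's "anywhere"
OUTERNET = "203.0.113.10/32"    # constructed: the RaQ's public address
MY_NET = "198.51.100.7/32"      # constructed: the admin's MY-IP/MY-NETMASK
OUTERIF = "eth0"                # constructed: $OUTERIF

@dataclass
class Rule:
    target: str                  # ACCEPT, DENY or REJECT
    src: str                     # -s network
    dst: str                     # -d network
    proto: Optional[str] = None  # -p; None means any protocol
    dport: Optional[int] = None  # destination port; None means any port
    iface: Optional[str] = None  # -i; None means any interface
    def matches(self, proto, src_ip, dst_ip, dport, iface):
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        if self.iface is not None and self.iface != iface:
            return False
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

# The posted 'input' chain, in order.  The port-81 rule keeps -d $REMOTENET
# exactly as posted; the last rule has no -p, so it catches every protocol.
INPUT_CHAIN = [
    Rule("ACCEPT", REMOTENET, OUTERNET, proto="tcp", dport=80),
    Rule("ACCEPT", REMOTENET, OUTERNET, proto="tcp", dport=443),
    Rule("ACCEPT", MY_NET, OUTERNET, proto="tcp", dport=22),
    Rule("ACCEPT", MY_NET, REMOTENET, proto="tcp", dport=81, iface=OUTERIF),
    Rule("DENY", REMOTENET, REMOTENET, iface=OUTERIF),
]

def verdict(chain, proto, src_ip, dst_ip, dport=None, iface=OUTERIF, policy="ACCEPT"):
    """First matching rule wins, as in ipchains; with no match, the chain policy applies."""
    for rule in chain:
        if rule.matches(proto, src_ip, dst_ip, dport, iface):
            return rule.target
    return policy
if __name__ == "__main__":
    for pkt in [("tcp", "192.0.2.50", "203.0.113.10", 80),    # http from anywhere
                ("tcp", "192.0.2.50", "203.0.113.10", 22),    # ssh from a stranger
                ("tcp", "198.51.100.7", "203.0.113.10", 22),  # ssh from MY-IP
                ("udp", "192.0.2.50", "203.0.113.10", 53)]:   # no ACCEPT covers this
        print(pkt, "->", verdict(INPUT_CHAIN, *pkt))
```

Dropping the final DENY rule (`INPUT_CHAIN[:4]`) shows Gerald's point: a stranger's ssh connection then falls through to the chain policy instead of being denied. Loopback traffic on `lo` is untouched by both `-i $OUTERIF` rules, so 127.0.0.1 keeps working.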

----- Original Message -----
From: "Gerald Waugh" <gerald@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, 17 January, 2002 16:40
Subject: Re: [cobalt-security] Portsentry, ipchains and pmfirewall


> On Thu, 17 Jan 2002, Francisco Sánchez wrote:
> > Now I have installed on my RaQ3 ipchains and pmfirewall, along with
> > portsentry.
> >
> > However there are a couple of things I don't have clear:
> >
> > - 1.  When using ipchains, you can choose either to reject or deny
> > connections to a particular port.  However you can also allow
> > connections to a port to a given IP address and netmask.  That is what
> > I have done with, for example, ssh.  My question here is, for those
> > people who try now to connect by ssh from an IP other than those
> > allowed, what will they get, reject or deny?
>
> They will get whatever you have for example ssh default set for.
> You need a rule to deny or reject ssh.
>
> > -2. Also, with portsentry, there is an ignore file, but I have seen that
> > after a restart or reboot, the entries you add there are deleted.
> > However, the IP addresses for the machine and 127.0.0.1 are always
> > there.  How can an IP or IP range be added permanently to that file?
>
> Can't help on this one, since I use ipchains, I don't use portsentry.
>
> --
> Gerald Waugh
> Registered Linux User 255245
> register at http://counter.li.org